[squid-dev] forward bumped traffic to parent in plain form

[Anthony Pankov]

Hello,

I still want to modify squid in such a way that it can forward clients http traffic to a parent cache in plain form.
I mean after bumping ssl (forntend-squid establish tls connection with a client) requests from client should goes to parent cache as a plain http ( GET etc.) That is, using parent cache as in good old days without https.

Connection between squids servers is already encrypted so I don't need any additional tls(security) layer.

Also, for simplification, I assume never_direct directive for this traffic on a front-end.
I understand that it will preclude any checks for origin server certificate but this is not a problem because policy for origin may be applied in a parent cache.

I tried to modify FwdState::noteConnection to avoid establishTunnelThruProxy() and FwdState::secureConnectionToPeerIfNeeded  to avoid secureConnectionToPeer() but has no lack.

They use request.flags  sslBumped and sslPeek that I do not fully understand. sslPeek described as "internal ssl-bump request to get server cert" but it always True when I'm in noteConnection.

Also I noted  async SslBumpEstablish which call switchToHttps. Because of asyncs I can't fully understand where I can preclude switching connections to parent cache to "CONNECT" mode rather than using it plain.

Any help would be appreciated. 


-- 
Best regards,
 Anthony                          mailto:anthony.pankov at yahoo.com